In MVC design pattern, where is the best place for validating the user session. Most of the applications I see they use some common jsp file for ensuring the session. But problem is by the time request is in VIEW, the request is gone through the CONTROLLER and MODEL,
I want to restrict the user in controller it self, what is the best pattern in doing this?
I am not sure even this is good way of ensuring valid session (in controller) or not, any comments/suggestions are welcome.
Thanks in advance
First, a fast answer:
If you are using a server that supports Servlet 2.3, use a Filter. Filters are invoked before any URL (including both your controllers or your views), and therefore allow you the most flexibility to perform global pre-processing operations like checking whether sessions are valid.
Failing that, I suggest you set up some sort of Front Controller to manage your session checking. Most MVC frameworks have some sort of central servlet that is invoked before the controllers. In Struts, for example, this will be the ActionServlet. Assuming you are creating your own framework, you can use this FrontServlet to perform common global operations. This will work pre-Servlet 2.3.
You can set up the FrontController servlet to be invoked for URL patterns that match a particular pattern, e.g. (using Struts as an example again) "/action/*" or "*.do". Your front controller can then (a) perform any necessary global preprocessing such as security checks, and then (b) invoke your individual controller components based on the full URL.
Better to use validation plug-in
you can find how to use it in the link below
sorry, i misunderstood your question, pls discard my answer